Signal/Signal-Server
1
0
Fork 0
mirror of https://github.com/signalapp/Signal-Server synced 2026-04-20 20:38:04 +01:00
Code Issues Packages Projects Releases Wiki Activity

Enforce no capability downgrade on device verification

Browse Source
This commit is contained in:
Jon Chambers
2020-09-04 18:06:05 -04:00
committed by Jon Chambers
parent e7572094b5
commit 2c6b646d87
4 changed files with 35 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
service/src/main/java/org/whispersystems/textsecuregcm/controllers/DeviceController.java
View File

@@ -190,6 +190,11 @@ public class DeviceController {
throw new DeviceLimitExceededException(account.get().getDevices().size(), MAX_DEVICES);
}
final DeviceCapabilities capabilities = accountAttributes.getCapabilities();
if (capabilities != null && isCapabilityDowngrade(account.get(), capabilities)) {
throw new WebApplicationException(Response.status(409).build());
}
Device device = new Device();
device.setName(accountAttributes.getName());
device.setAuthenticationCredentials(new AuthenticationCredentials(password));
@@ -235,4 +240,9 @@ public class DeviceController {
int randomInt = 100000 + random.nextInt(900000);
return new VerificationCode(randomInt);
}
private boolean isCapabilityDowngrade(Account account, DeviceCapabilities capabilities) {
return (!capabilities.isGv2() && account.isGroupsV2Supported())
|| (!capabilities.isUuid() && account.isUuidAddressingSupported());
}
}

5
service/src/main/java/org/whispersystems/textsecuregcm/entities/AccountAttributes.java
View File

@@ -67,11 +67,11 @@ public class AccountAttributes {
@VisibleForTesting
public AccountAttributes(String signalingKey, boolean fetchesMessages, int registrationId, String pin) {
this(signalingKey, fetchesMessages, registrationId, null, pin, null, null, true);
this(signalingKey, fetchesMessages, registrationId, null, pin, null, null, true, null);
}
@VisibleForTesting
public AccountAttributes(String signalingKey, boolean fetchesMessages, int registrationId, String name, String pin, String registrationLock, List<PaymentAddress> payments, boolean discoverableByPhoneNumber) {
public AccountAttributes(String signalingKey, boolean fetchesMessages, int registrationId, String name, String pin, String registrationLock, List<PaymentAddress> payments, boolean discoverableByPhoneNumber, final DeviceCapabilities capabilities) {
this.signalingKey = signalingKey;
this.fetchesMessages = fetchesMessages;
this.registrationId = registrationId;
@@ -80,6 +80,7 @@ public class AccountAttributes {
this.registrationLock = registrationLock;
this.payments = payments;
this.discoverableByPhoneNumber = discoverableByPhoneNumber;
this.capabilities = capabilities;
}
public String getSignalingKey() {